<!--
Computer Science Course 531 - Introduction to Software Engineering
Olive Insurance Client Management System (Client Database Access)
Version 1.0 (Base System)
Spring 2011

-- Source Code Details --
Page Tile: agentAccountDetails.php
Created By: David Gonzalez, Computer Science (Undergraduate)
Documented By: Darrius Serrant, Computer Science (Undergraduate)
Purpose: User interface allowing the system administrator add, remove, and modify
        user accounts.
Status: Completed. All essential functionality has been implemented. User interface revisions complete;
code optimization is now pending.

-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <script LANGUAGE="JavaScript" SRC="CalendarPopup.js"></script>
	<script LANGUAGE="JavaScript">
	var cal = new CalendarPopup();
	</script>
        <title>
            Olive Insurance Client Management System - Group Details
        </title>
        <link rel="stylesheet" type="text/css" href="styles/main.css" />
    </head>
    <body>
    <div id ="contentbox">

            <div id="header">
                <img src="images/header.gif" alt="Olive Insurance Client Management System, Version 1.0" />
            </div>
            <div id="separator">
                <img src="images/separator.gif" alt="" />
            </div>
        <?php
        /*
         * PHP Documentation: Handles the insertion, modification, and deletion of agent accounts
         *                    based on the attributes presented in the POST header (i.e. INSERT for 'save',
         *                    UPDATE for 'update', and DELETE for 'delete').
         */
        session_start();
        require_once('connectvars.php');
        $display = "yes";
        $regex = '/^.*(?=.{7,14})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#!$%^&+=]).*$/';
        if(isset($_SESSION['user_name'])){
            if(isset($_POST['save'])){
            $dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);

            $aname = mysqli_real_escape_string($dbc,trim($_POST['aname']));
            $hired = mysqli_real_escape_string($dbc,trim($_POST['hired']));
            $username = mysqli_real_escape_string($dbc,trim($_POST['username']));
            $password = mysqli_real_escape_string($dbc,trim($_POST['password']));
            if(isset($_POST['DISABLED'])) $DISABLED = 1; else $DISABLED = 0;
        if(!empty ($aname) && !empty ($hired) && !empty ($username) && !empty ($password)){
            if(preg_match($regex, $password)){
                $query = "INSERT INTO agent (Name, Date_Hired, Username, Password, DISABLED)" .
                "VALUES ('$aname','$hired','$username',SHA('$password'), '$DISABLED')";
                $data = mysqli_query($dbc, $query) or die("Error Saving");

                mysqli_close($dbc);
                echo "Record Saved <br>";
           }else echo "Password criteria not met!";
        }
        else{
            echo "All fields need to be entered!<br>";
        }
        }
        if(isset($_POST['delete'])){
            $dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);

            $aname = mysqli_real_escape_string($dbc,trim($_POST['aname']));
            $hired = mysqli_real_escape_string($dbc,trim($_POST['hired']));
            $username = mysqli_real_escape_string($dbc,trim($_POST['username']));
            $password = mysqli_real_escape_string($dbc,trim($_POST['password']));

        if(!empty ($username)){
            $query = "SELECT * FROM agent WHERE Username = '$username'";
            $result = mysqli_query($dbc, $query) or die("Error");
            ?><form action ="agentAccountDetails.php" method="post"><?php
            while($row = mysqli_fetch_array($result)){
                echo '<input type ="radio" value="'.$row['id'].
                '" name ="todelete[]" />';
                echo $row['Username'].'<br/>';
            }
            ?>

        <input type="submit" name="remove" value="Remove"/>
        <input type="submit" name="reload" value="Back"/>
        <div id="footer">
                Copyright &copy; 2011 by Olive Insurance, LLC. All rights reserved.
        </div>
        </form>
        <?php
            $display = "no";
        }else{
            mysqli_close($dbc);
            echo "Must have Username";
        }
        }
        if(isset($_POST['remove'])){
            $dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
            foreach($_POST['todelete'] as $deleteid){
                $query = "DELETE FROM agent WHERE id = '$deleteid'";
                mysqli_query($dbc,$query) or die("ERROR DELETING");
            }
            $display = "yes";
            mysqli_close($dbc);
            echo "Record Deleted";
        }
        if(isset($_POST['find'])){
            $dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
            foreach($_POST['toupload'] as $uploadid){
                $query = "SELECT * FROM agent WHERE id = '$uploadid'";
                $data = mysqli_query($dbc,$query) or die("ERROR Finding");
                $row = mysqli_fetch_array($data);
            }
            $display = "No";
            echo "Record Uploaded";
            ?>
        <div id="content">

        <div id="userBlock" class="left">
	<span class="user"><?php echo "(".$_SESSION['user_name'].")"?></span>
	<span class="logout"><a href="logOut.php">log out</a></span> <br />
	<span class="userclass">System Administrator</span>
	</div>

	<p id="backHome">
		<a href="mainPage.php">back to main page</a>
		</p>
		<h3 class="leftclear">
		Agent Details
        	</h3>

            <div id = "managementForm">
            <form action="agentAccountDetails.php" method="POST" name ="Agent">
            <div id="formfields" class="left">
		<fieldset>
		<legend>Data Entry Fields</legend>
		<p class="errormessage">
		</p>
		<div class="field_container">
		<label for ="aname">Agent Name:</label>
                <input type ="text" id="aname" name ="aname" value ="<?php echo $row['Name']?>"/>
		</div>
                <div class="field_container">
		<label for ="hired">Date Hired:</label>
                <input type ="text" id ="hired" name ="hired" value ="<?php echo $row['Date_Hired']?>" READONLY/>
                <A HREF="#"
                onClick="cal.select(document.forms['Agent'].hired,'anchor1','yyyy-MM-dd'); return false;"
                NAME="anchor1" ID="anchor1">select</A>
                </div>
		<div class="field_container">
		<label for ="username">Username:</label>
                <input type ="text" id="username" name ="username" value ="<?php echo $row['Username']?>"/>
		</div>
		<div class="field_container">
		<label for ="password">Password:</label>
                <input type ="text" id ="password" name ="password"/>
		</div>
		<div class="field_container">
		<?php if($row['DISABLED'] == 0) echo '<input type="checkbox" name="DISABLED">DISABLED';
                else echo '<input type="checkbox" name="DISABLED" CHECKED>DISABLED';?>
		</div>
		</fieldset>
		</div>
		<div id="formbuttons">
		<fieldset>
		<legend>Management Actions</legend>
                <input type ="hidden" value="<?php echo $row['id']?>" name="id"/>
                <input type="submit" class="manageButton" name="update" value="Update Agent" />
                <input type="submit" class="manageButton" name="save" value="Save Agent" />
		<input type="submit" class="manageButton" name="delete" value="Delete Agent" />
		<input type="submit" class="manageButton" name="search" value="Search Agent" />
		</fieldset>
                </div>
                </form>
		</div>

            <div id="footer">
                Copyright &copy; 2011 by Olive Insurance, LLC. All rights reserved.
            </div>

        </div>
        <?php
            mysqli_close($dbc);
        }
                /*
         * PHP Documentation: Handles the insertion, modification, and deletion of agent accounts
         *                    based on the attributes presented in the POST header (i.e. INSERT for 'save',
         *                    UPDATE for 'update', and DELETE for 'delete'). Continuation of what was
         *                   present in the previous block, but with the additon of search handling.
         *
         */
        if(isset($_POST['update'])){
            $dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);

            $aname = mysqli_real_escape_string($dbc,trim($_POST['aname']));
            $hired = mysqli_real_escape_string($dbc,trim($_POST['hired']));
            $username = mysqli_real_escape_string($dbc,trim($_POST['username']));
            $password = mysqli_real_escape_string($dbc,trim($_POST['password']));
            if(isset($_POST['DISABLED'])) $DISABLED = 1; else $DISABLED = 0;
            $id = mysqli_real_escape_string($dbc,trim($_POST['id']));

            if(!empty ($aname) && !empty ($hired) && !empty ($username)){
                if($password == ""){
                $query = "UPDATE agent SET Name = '$aname', Date_Hired = '$hired', Username = '$username',".
                "DISABLED = '$DISABLED' WHERE id = '$id'";
                $data = mysqli_query($dbc, $query) or die("Error Updating1");

                mysqli_close($dbc);
                echo "Record Updated <br>";
                }else{
                    if(preg_match($regex, $password)){
                    $query = "UPDATE agent SET Name = '$aname', Date_Hired = '$hired', Username = '$username',".
                    "Password = SHA('$password') DISABLED = '$DISABLED' WHERE id = '$id'";
                    $data = mysqli_query($dbc, $query) or die("Error Updating2");

                    mysqli_close($dbc);
                    echo "Record Updated <br>";
                    }else echo "Password criteria not met!";
                }
        }
        else{
            echo "All fields need to be entered!<br>";
        }
        }
        if(isset($_POST['search'])){
            $dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);

            $aname = mysqli_real_escape_string($dbc,trim($_POST['aname']));
            $hired = mysqli_real_escape_string($dbc,trim($_POST['hired']));
            $username = mysqli_real_escape_string($dbc,trim($_POST['username']));
            $password = mysqli_real_escape_string($dbc,trim($_POST['password']));

        if(!empty ($username)){
            $query = "SELECT * FROM agent WHERE Username = '$username'";
            $result = mysqli_query($dbc, $query) or die("Error");
            ?><form action ="agentAccountDetails.php" method="post"><?php
            while($row = mysqli_fetch_array($result)){
                echo '<input type ="radio" value="'.$row['id'].
                '" name ="toupload[]" />';
                echo $row['Username'].'<br/>';
            }
            ?>

        <input type="submit" name="find" value="Find"/>
        <input type="submit" name="reload" value="Back"/>
        <div id="footer">
                Copyright &copy; 2011 by Olive Insurance, LLC. All rights reserved.
            </div>
        </form>
        <?php
            $display = "no";
        }else{
            mysqli_close($dbc);
            echo "Must have Username";
        }
        }
        if(isset($_POST['reload'])){
            header('Location: ./agentAccountDetails.php');
        }
        if($display == "yes"){?>
        <div id="content">

        <div id="userBlock" class="left">
	<span class="user"><?php echo "(".$_SESSION['user_name'].")"?></span>
	<span class="logout"><a href="logOut.php">log out</a></span> <br />
	<span class="userclass">System Administrator</span>
	</div>

	<p id="backHome">
		<a href="mainPage.php">back to main page</a>
		</p>
		<h3 class="leftclear">
		Agent Details
        	</h3>

            <div id = "managementForm">
            <form action="agentAccountDetails.php" method="POST" name ="Agent">
            <div id="formfields" class="left">
		<fieldset>
		<legend>Data Entry Fields</legend>
		<p class="errormessage">
		</p>
		<div class="field_container">
		<label for ="aname">Agent Name:</label>
                <input type ="text" id="aname" name ="aname"/>
		</div>
                <div class="field_container">
		<label for ="hired">Date Hired:</label>
                <input type ="text" id ="hired" name ="hired" READONLY/>
                <A HREF="#"
                onClick="cal.select(document.forms['Agent'].hired,'anchor1','yyyy-MM-dd'); return false;"
                NAME="anchor1" ID="anchor1">select</A>
                </div>
		<div class="field_container">
		<label for ="username">Username:</label>
                <input type ="text" id="username" name ="username"/>
		</div>
		<div class="field_container">
		<label for ="password">Password:</label>
                <input type ="text" id ="password" name ="password"/>
		</div>
		<div class="field_container">
		<input type="checkbox" name="DISABLED"/>DISABLED
		</div>
		</fieldset>
		</div>
		<div id="formbuttons">
		<fieldset>
		<legend>Management Actions</legend>
                <input type="submit" class="manageButton" name="save" value="Save Agent" />
		<input type="submit" class="manageButton" name="delete" value="Delete Agent" />
		<input type="submit" class="manageButton" name="search" value="Search Agent" />
		</fieldset>
                </div>
                </form>
		</div>

            <div id="footer">
                Copyright &copy; 2011 by Olive Insurance, LLC. All rights reserved.
            </div>

        </div>
        <?php
        }
        }else{
                    /*
         * PHP Documentation: Login page redirection for unauthenticated users.
         *
         */
            ?>
            <div id="loginbox">
                <p class="sectionheader">
                    Authentication Required
                </p>
                <div id="loginform">
                    <div class="invalid">
                        <img src="images/Progress_Wheel.gif" alt="" />This page is restricted from unauthorized users. Please log in.
                    </div>
                </div>
            </div>
             <?php
                header('Refresh: 2; ./loginPage.php');
        }
        ?>
    </div>
    </body>
</html>